Information service system

ABSTRACT

An information service system is provided, particularly for use by the police. The information service system communicates with application devices used by the police and includes an intelligent and dynamically implemented portal for standardized access to downstream information systems, a terminal for access to the portal, and a communication device for linking the terminal with the portal.

PRIORITY CLAIM

This application is a 35 U.S.C. §371 filing of International PatentApplication No. PCT/DE01/00090 filed on Jan. 5, 2001. This applicationclaims priority benefit of German Patent Application No. 10003440.3,filed Jan. 27, 2000 and German Patent Application No. 20016746.4, filedSep. 28, 2000.

BACKGROUND

The present invention relates to an information service system,particularly for use by the police.

Despite excellent overall conditions, police departments in Germany andelsewhere are exposed to modern challenges, which are becomingincreasingly difficult to handle using conventional means.

These challenges include both

-   -   internal factors, such as restructuring within police        organizations and increasing cost pressures, and    -   external factors, such as an increase in complex criminal forms,        such as white collar or organized crime and ever larger        geographical policing areas (Germany, Europe) and an associated        increase in cross-border crimes.

Such challenges can only be handled if the police are placed in aposition to do so. The necessary access to relevant information onlyexists in fragmentary form; in Germany, for example, law enforcementconsists of the police organizations of the 16 Federal German states,the German criminal investigation office, the German border police andthe customs administration, which in part also handles police problems.German law enforcement agencies are unable to access information to anextent adequate for dealing with a particular task.

Therefore, the problem of the invention is to provide an informationservice system enabling a user, independently of the access channelavailable, to access in simple manner the instruments required by him,such as information and applications.

SUMMARY OF THE INVENTION

According to the invention, this problem is solved by an informationservice system with application devices, particularly for use by thepolice, with information systems, an intelligent and dynamicallyimplemented portal for standardized access to downstream informationsystems with a scope dependent on the user, containing at least oneterminal for access to the portal and at least one communication devicefor linking the terminal with the portal. The term intelligent portal isunderstood to mean a portal which also makes available its ownfunctions. The term dynamically implemented portal is understood to meana portal generated as a function of the context (e.g. date, time of day,special events, notified user, etc.). The counterpart is a staticportal, which although regularly “filled” with new information, providesno flexible, context-dependent display.

The information systems can also incorporate an external and/or at leasta local data bank, such as a data bank of a private or publicorganization.

The information systems advantageously incorporate at least one localmedia data bank.

It is also possible for the information systems to incorporate at leastone local data warehouse, such as a data store containing image or videodata.

The information systems advantageously incorporate at least one localdevice for an application. For example, the application can be used foruse planning.

According to another special embodiment, the information systemsincorporate at least one local office communication system. For example,the office communication system can be used for detecting, processing,sending and administering documents, and for receiving, producing,sending and documenting e-mails.

The portal can also incorporate a server.

Advantageously the portal incorporates an engine layer with at least oneengine on a layer with an administration device for administering users,the configuration of engines and the administration of upstream anddownstream layers. The engines are machines for fulfilling certainportal tasks.

In an upstream layer, the portal preferably incorporates a device forauthenticating a user and the server. It is a hardware layer which isused for establishing who is communicating with whom.

The authenticating device advantageously also incorporates a useridentifying device.

In an upstream layer, the portal advantageously incorporates anauthorization control and storage device for regulating the extent ofaccess granted to a user. The authorization control can take place viauser and user group rights.

Advantageously, the portal has a device for displaying use possibilitiesof the portal as a function of the external context, such as the date,time of day, user and special events.

According to another special embodiment of the invention, the portal inthe upstream layer can incorporate a device for encrypting the datatransmitted via the communication device and for decrypting the datareceived via the communication device. Such a device is used to protectsensitive data pollable via the information service system againstunauthorized interception.

Advantageously the portal also incorporates a device for providing orestablishing the integrity of the data transmitted and received via thecommunication device. This is intended to prevent or prove aninadmissible manipulation of the transmitted data.

According to another special embodiment of the invention, the enginelayer incorporates a subscription engine for subscribing to information,lists, and further services through a user. Thus, a user can inform theinformation service system of his interests (active personalization) andreceive information about his fields of interest upon logging in.

The engine layer advantageously incorporates a filter engine. On thebasis of predetermined criteria, the filter engine can investigatedifferent information areas for the particular user. Thus, as soon as auser carries out a personal, factual, or other type of poll orinterrogation, the filter engine accesses its known information sourcesand compiles a list from all the search results.

It can also be provided that the engine layer incorporates aninformation repository engine and/or an application repository engineand/or office communication repository engine. The informationrepository engine can contain a metadata structure of the downstreaminformation systems and path information for access to the same. Theinformation repository engine is used by services for which the storagelocation is not relevant, but the type of information such as a fact,person, etc., is. Thus, for example, personal information is stored indifferent information systems, such as those located in provincial andnational criminal investigation offices and Interpol. Instead ofsupplying the information to all these services which have informationsystems containing personal information, it is sufficient on the basisof the “person” inquiry to determine all the necessary storage locationsvia the information repository engine. An application repository enginecontains a list of applications made available to the users of theinformation service system via the portal in downstream informationsystems. Besides the location of the application, it also containsinformation on both the user and user group rights necessary for access.For example, if a police officer desires access to INPOL, then thataccess is admissible as a result of his user group membership and theconnection to INPOL is granted and established. However, if a magistratewishes to access INPOL, access is refused, because as a result of hisuser group membership, the magistrate does not have the properauthorization. In the case of extended powers granted to the magistrate,authorization can be given to INPOL on the user plane and once againaccess to INPOL is made possible. The office communication repositoryengine offers standardized access to a local office communication systemand its associated functions.

Advantageously, the portal incorporates an output engine whereby a useris given the possibility to obtain information objects via differentaccess channels and in different formats.

Advantageously the portal incorporates an interface integrator fordownstream information systems. Thus, the portal must assist differentinterfaces, because in large organizations, such as a policeorganization, access to the most varied information systems isnecessary. These include, in addition to the different platforms andsystem architectures, different information sources, data displays anddata banks, such as relational and multidimensional data banks andunstructured data memories. This also implements interfaces to the datawarehouse and data mining system.

Preferably the portal incorporates at least one multivalent orvalue-added service system. The value-added service system offers aspecific service and is part of the portal and consequently does notbelong to a downstream information system. Each value-added servicesystem controls the access authorization itself; for example, uponcalling up such a system, the system checks the access authorizationusing the user profile and the necessary authorizations for thevalue-added service to establish whether the user or user group rightsare adequate for the use of the said service. If authorization isinadequate, access to the value-added service is refused.

The portal advantageously also contains a request broker, which on thebasis of the nature of the user inquiry, allocates the same to thecorrect engine, and after running the inquiry, then ensures that theinformation obtained is transmitted back to the correct user.

Another special embodiment according to the invention is characterizedby a firewall machine between the portal and the at least onecommunication device. It serves to implement a firewall and monitors theentire data traffic between the terminals and the portal in order toprevent unauthorized penetration of the information service system, theintroduction of virus programs, and similar attacks.

Finally, a special embodiment of the invention is characterized by afirewall machine between the portal and the downstream informationsystems, which has the same function as the previously describedfirewall machine, but relative to the portal-downstream informationsystem transition.

The invention is based on the surprising finding that via a standardizedaccess, namely the portal, the available data and application devices ofvaried organizations can be easily accessible and each police officer,independently of the access channel, is able to obtain function-relatedinformation allowing the officer to fulfill his task. The portal alsoallows the linking of information rendered accessible by the applicationdevices, so that these can be made an indirect component of the portal.By producing the connection of data from existing information systemsand application devices, a new information quality can be created andthus provides an added value for the police. The necessary informationis displayed in context so that law enforcement is better able tofulfill its functions, thus allowing for strategic aims to be morelogically implemented.

In addition, the use of a portal, besides the integration of existinginformation systems and application devices, also permits theidentification, implementation and integration of future informationsystems and application devices. New information systems and applicationdevices built according to the architecture of the described informationservice system can be made available in a simple, standardized mannerand linked with existing information systems. Thus, the police may beassisted in additional areas where, as a result of a lack ofinstruments, potential for improvement exists. As examples, operativecontrol, risk management or training instruments, and knowledgeapplications may be integrated.

BRIEF DESCRIPTION OF THE DRAWINGS

Further advantages and features of the invention can be gathered fromthe claims and the following description of an embodiment illustrated bythe attached drawings.

FIG. 1 shows the technical architecture of an information servicesystem.

FIG. 2 shows safety zones resulting from different accessauthorizations.

FIG. 3 shows the functional systematics of the information servicesystem of FIG. 1.

FIG. 4 shows a use example of the information service system of FIG. 1.

DETAILED DESCRIPTION

FIG. 1 diagrammatically shows the technical architecture of a specialembodiment of an information service system according to the presentinvention. The information service system can be subdivided into threecomponents, namely A: access channels, B: intelligent portal and C:downstream information systems. The access channels are used forproducing access to an intelligent, dynamically implemented portal andare implemented by terminals 10 to 16 and communication devices. Withregard to the access, a distinction is made between a local access, alocation-independent access by means of a mobile PC,location-independent access with terminals capable of transmitting dataand location-independent access with terminals unable to transmit data.Thus, any authorized user can alternately use any random access channel.

With a local access, users have fixed, location-bound operatingpositions, as represented by terminal 10 in the form of a PC. Thecommunication device for linking the terminal with the portal Bincorporates a remote data transmission device 18 in the form of atelephone fixed or mobile radio network, a router 10 (unction computerbetween data networks) and the Internet and with respect to the latteruse is made of web browsers having a HTML basis and standardized TCP/IPnetworks as the network layer. In FIG. 1 a HTTP server 22 represents theInternet and allows a continuous, standardized use of officecommunication systems.

A location-independent access with mobile PCs have full-value, but notlocation-bound operating positions, like the terminal 12 in FIG. 1 inthe form of a laptop or notebook. The communication device for linkingthe terminal 12 with the portal B looks the same as in the case ofterminal 10. As compared with a PC located at a fixed location (seeterminal 10), a terminal 12 offers the possibility that a user is ableto dial into the portal B via communication mechanisms of the laptop ornotebook from different locations and may make available the samefunctions as those of a stationary PC.

In the case of a location-independent access with terminals capable oftransmitting data, such as terminal 14, an associated communicationdevice incorporates a remote data transmission device 18 in the form ofa mobile radio network, a router 20 and a WAP (Wireless ApplicationProtocol) server 24 with a WAP browser based on WML. Standardized TCP/IPnetworks are used as the network product.

Finally, standard mobile radio telephones represent an example forterminals 16 which are not able to transmit data and permit alocation-independent access. The associated communication device for astandard mobile radio telephone incorporates a remote data transmissiondevice 26 in the form of a mobile radio network and an IVR (InteractiveVoice Response) server 28, such as an interactive voice system enablinga user to selectively poll information and also received information inplanned form. If the terminal 16 is WAP-capable, the information canalso be polled and received by the WML-based WAP server 24.

In each case a firewall machine 30 or 32 is placed between the accesschannels A and the portal B and between the portal B and the downstreaminformation system C. The portal B incorporates an application server34. The downstream information systems C incorporate an external databank 36, e.g. INPOL, which is accessible through a router 38 and a WAN(Wide Area Network) 40, a local device 42 for an application, e.g. useplanning, a local office communication system 44, a local data warehouse46 and a printer 48.

As a result of the sensitivity of the data available through theinformation service system, the security aspect is of great importance.The term security in the context of network-based applications consistsof the following elements:

a) Server and client-side authentication—who is communicating with whom?

b) Authorization—what access authorization does the inquiring user have?

c) Data security—can the data transmission be intercepted?

d) Data integrity—is the arriving data the same as the transmitted data?

It is not possible for any random user to directly access all dataavailable via the portal. Access to the information is fundamentallysubdivided into three different security zones (cf. FIG. 2):

Internet

-   -   All undefined users without authorization to sensitive data and        having a guest status can enter this zone. Access is only        possible on the static side making available general information        via the information service system. The only contact possibility        in this security zone consists of an e-mail to the operator of        portal B, and no content personalization is possible.    -   Extranet

All trusted users 50, 52 of the information service system are able,following authentication, to dial contents. Only part of the users,namely the user 52, has the possibility to poll contents. All privateand public organizations that do not belong to the police can enter theExtranet.

-   -   Intranet

All internal police users can enter this security zone. Followingauthentication, there is a personalized build-up of portal B. In thissecurity zone, there is reading and writing access to all informationsystems authorized for the user. In order to obtain a high-securitystandard, the server and client-side authentication referred tohereinbefore under a) can take place as follows:

Access via terminals capable of transmitting data

To ensure that the desired application server 34 is reached by anauthorized client (user), the following procedure can be adopted:

1. Inquiry via HTTP server 22 or WAP server 24;

2. Acknowledgement of portal B with certificate, public key(asymmetrical encryption method) and signature;

3. Client-side production of a session key for the actual connection;

4. Encrypting the session key with public key of portal B;

5. Dispatch to application server 34;

6. Decryption of the session key with a private key of the informationservice system;

7. Request to identify the client via symmetrical encryption (sessionkey);

8. Identification of the user as a function of the security zone: noidentification is needed if a user belongs to the security zone(Internet), whereas an identification procedure is necessary if a userbelongs to the Extranet or Intranet security zones. In the case of guestaccess, no identification is necessary, whereas with Extranet access,identification can take place via user names and passwords, and withIntranet access the identification can take place in the form of a username/chipcard in conjunction with a biometric method (fingerprint, voiceanalysis, iris analysis); and,

9. Granting access after identification in application server 34.

In the case of access via terminals which cannot transmit data (voiceconnections), the server and client-side authentication can take placeas follows:

1. Dialling in via a fixed access number of the information servicesystem;

2. Inputting the user identification via a telephone keyboard, assuminga MFW-capable telephone;

3. Additional identification via the voice; and

4. Caller number registration

The authorization referred to under b) can take place on the applicationplane within the portal B, such that every user has a profile enablinghim to access certain functions. Unlike optimistic control, where accessrights are taken away from the user and from the outset has allpossibilities, authorization here is pessimistically controlled. Accessrights must be expressly allocated to a user.

The authorization control takes place by means of user and user grouprights, at least one user group being associated with each user.Compared with user group rights, user rights have a higher priority. Forexample, if a user is not authorized on the basis of a user groupmembership to use a specific application, the user may personally begiven authorization to the application by setting specific user rights.In other words, authorization to access the application is made at theuser level rather than the group level.

Authorization storage takes place as a function of the security zone:

-   -   Internet

The user only has guest access and cannot dial any applications. Thestorage of the access rights takes place in a data bank as a “guest”profile of the “guest” user group.

-   -   Extranet

The user has a personalized access, i.e., he must make an application inthe information service system, and access to police applications isrefused. Access to content management applications is permitted. Storagetakes place in a data bank for each user name and for a specific usergroup, such as “transport operators”, “diplomats”, etc.

-   -   Intranet

The user has a personalized access and generally has the function of apolice officer or magistrate. Access to police and other applications ispartly to fully allowed. Storage takes place in a data bank per username and for one or more specific user groups, such as e.g. “policeofficer”, “office manager”, etc. As the user circle normally also hasdirect access to the file system (office communication, etc.), a profileis also linked with the user profile of the operating system (NT, LDAP,etc.).

The data security referred to under c) is produced by means of anencryption mechanism, which encrypts and decrypts all data transmittedand received via an active session. A session begins with the logging inof the user and ends as soon as a user has logged off or has not beenactive for a defined time, e.g. 30 minutes. Encryption takes place bymeans of a symmetrical procedure and for this purpose, both sidesrequire an identical key. The latter is produced as described under a)and is only valid for one session.

In conjunction with the data integrity referred to under d), adistinction must be made between transfer of HTML/WML data and e-mails.In the former case, data integrity security takes place by encryptingthe transmitted data with an individual symmetrical key for eachsession. In the latter case security is provided in two steps: First,the transmitted data are encrypted as in the first case; and second,each e-mail receives a sender signature.

Hereinafter and with reference to FIG. 3 further details will be givenon the functional systematics of the intelligent, dynamicallyimplemented portal B. It is a dynamic portal because the contents of theportal are displayed as a function of the external context, whichcomprises the following elements:

-   -   date, time,    -   user,    -   special, police-relevant events.

The portal B assumes the function of an intermediary of the user, boundto the portal B by one of the aforementioned access channels and thedownstream information systems of the police. The intelligent portal Bhas different tasks, which are implemented by means of differentengines. To ensure that users are supplied by said engines with thedesired data important and necessary for them, in an upstream layer in adevice 54 there is an authentication or personalization for the purposeof authenticating and identifying a user. Following this in an enginelayer there is a subscription engine 56, a filter engine 58, aninformation repository engine 60, an application repository engine 62and an office communication repository engine 64, the functions of whichwere described hereinbefore. The filter engine and subscription enginerepresent intelligent agents. The engines for the purpose of fulfillingtheir engine information area functions, communicate via fixed,specified interfaces with different information processing systemsoperating in the background.

The engine layer is located on a layer with an administration device(not shown) for administering users, engine configuration andadministering upstream and downstream layers.

The downstream systems C incorporate two external data banks 36 a, 36 bof a private and a public organization, a local application device 42, alocal office communication system 44, a local data warehouse 46, a localmedia data bank 43 and local data banks 45.

The components shown in FIG. 3 completely cover the different policetask fields. Access to the different applications and value-addedservices, in which one is shown and given the reference numeral 66,through the portal B, is controlled by the association of user and usergroup rights. Thus, each officer is provided with those applicationswhich he requires for fulfilling his specific functions. As a result ofthe integration of these components in the information service system,they are displayed in their sense context. This facilitates the linkingof the existing data with information.

On the basis of the inquiry, a request broker 68 associates it with thecorrect engine and after running the inquiry ensures that theinformation obtained is transmitted back to the correct user. By meansof an output engine 70 the user is given the possibility of obtaininginformation objects via different communication channels in differentformats. There is also an interface integrator 67.

Portal B permits the implementation of the idea of the operative work ofthe police. With a standardized access, namely the portal, the differentapplication devices (legacy systems) of the police are renderedaccessible and interlinked and consequently become an indirect part ofthe portal. It is important to produce the context from the data of theexisting application devices, in order to give a new information qualityand therefore generate the additional service necessary for the police.The necessary information is displayed in context making the policebetter able to fulfill their functions and enabling strategic aims to bemore logically fulfilled.

Besides the integration of existing application devices on the basis ofthe above-described portal architecture, the invention also includes theidentification, implementation and integration of future applicationdevices in the portal.

New application devices built according to the presently describedarchitecture can be made available in a simple, standardized manner andlinked with existing information systems. Thus, the police can beassisted in those areas where, as a result of lack of instruments,potential for improvement exists. For example, it is possible tointegrate and control risk management instruments or training andknowledge application devices.

As a result of the integrative aspect of the portal, information fromdifferent applications is interlinked and made available, as needed, byusers. It is therefore possible to gather use recommendations andhandling alternatives from present case data and filed information onpast cases. Another example would be the information side provided ingeographically regionalized and user group-related manner. Thus, anofficer is acquainted with existing, regional police-relevant eventssuch as when he requires search information on local events andactivities. These so-called value-added services are created byintelligent linking and representation of given data values in the formof aggregated and selected information for the police.

The information service system may include a starting page containinglinks to the integrated applications and value-added services. The linksare grouped into integrated applications, value-added services andpersonal applications. The personal applications include not onlye-mail, use planning and local events, but also personal search agentsresulting both from integrated applications and value-added services.The aforementioned components are the most frequently utilized portalcomponents, and must therefore be made the most easily available.

The intelligent portal links existing or future police applications andcreates additional value from given data as a result of a common surfaceand integrated services. The individual components can be existingapplications, which could also exist independently, such as e-mail or anoperative information system, or future applications, which are thenintegrated in the portal.

The integration of applications from the following areas is possible forcomprehensively assisting police tasks.

Target-oriented Control

This application case covers all evaluations of operative data fordetailed use planning, including (a) the determination of information,(b) linking information, (c) geographical representation of information(regional evaluation of facts) and (d) making available information forcontrolling and risk management.

Operative Information and Control System

This application case covers the provision of control information, whichcan be subdivided into the following:

(a) Internal result, e.g. debit note;

(b) External result, e.g. clearing up rate, subjective feeling ofsecurity, recurrence figures;

(c) Processes, e.g. ratio of value-creating to administrativeactivities, average clearing up period, ratio of arrests to convictions;and,

(d) Organization, e.g. sick rate, attended training programs, number ofimplemented improvements.

The innovation includes the availability and attainability ofinformation. At present, such information is determined manually andthen sent via e-mail to the party in question and other persons.Integration by means of the information service system portal means thatthe relevant information is made available to the given parties bysubscription or search and using the portal.

Competency

The “competency” application case relates to training measures which canbe offered via the portal. As a result of the technology used, theoffice is able, as required, to attend training offers on-line in hisworking environment. These training offers include interactive learningprograms passing from electronic reference works via simpledialogue-controlled training, and finally extending to media training.

Administrative Assistance

Administrative assistance by the portal covers all tasks linked withcases and all personal and administrative activities, which arenecessary, but take up a large amount of time. As a result of the use ofthe portal, there is an integration of available information resources;as a result of that integration, an efficiency increase is obtained. Anexample is the direct obtaining of information at the location of theevent, followed by the obtaining of further specific information, andfinally the administration of the information in the form of individualreports. In the specific example the portal directly renders availableall the necessary information, and this can be further processed atanother location without previously acquiring the information again. Atpresent, such information is polled by radio, thus requiring anadditional officer. Subsequently, the information is noted and extendedby more specific information. The latter is passed by radio to anotherofficer (e.g. team leader) and noted. On adding further information,collation takes place, and in the least favorable case, the initialinformation inquiry is repeated.

Each officer also has personal administrative tasks and these can besimplified by different applications integrated into the portal. Throughthe personalization of information relevant to the officer, he can beautomatically supplied therewith. There is no need for the officer topersonally obtain this information. For example, an officer can beautomatically supplied with new training offers for his special field.

Value-added Services

These services are those allowing information polling and theacquisition of actual data. For example, actual data can be acquired andtransmitted in situ, i.e. in the office or at the location of the event.Aggregation categorization and evaluation of the data are automated. Theevaluations obtained in automated form are then supplied to theparticular officer as a function of the personalization mechanisms. Thisprocess can take place by the provision of the value-added just-in-timeservice. Up to now, the procedure has required multiple manual activityand has taken 24 or more hours.

Hereinafter, details are given of a possible application of theinformation service system according to the invention. This applicationrelates to the integration of the information service system into theeveryday activities of police officers equipped with a terminal in theform of a WAP-capable device. It is also used for illustrating how anofficer is provided with an added value by the portal as a result of theintegration of information systems, which he cannot have without saidportal.

At the start of his shift in the first district of his home townSchdnstadt, Peter Sicher and his colleague Zabel travel with a servicevehicle to the district allocated to them via the information servicesystem.

(a) Sicher switches on the WAP-capable device installed in the vehicle.On reaching the target area, they receive the information that the dutyroster has changed due to the loss of two colleagues and they are to bedispatched in a different district. As the two do not have informationon this new district, they call up the value-added “risk management”service of the information service system, whereby both learn that overthe last few months in this quiet area increasing numbers of burglarieshave occurred. Although a precise demarcation of the area has beenpossible, up to now no suspects have been found. Sicher and Zabel decideto show a greater presence in the area in question.

(b) In his personal subscription, Sicher acquires the information thatin four weeks, a training course in his special field of “procurementcrime” will be available. He immediately applies for it and isautomatically informed that a place has been reserved for him. Documentsare automatically sent to his electronic post box and the trainingcourse is noted in the use planning system. Sicher's supervisor receivesan electronic communication immediately confirming enrollment in theoffice.

c) After entering a side street, Zabel notes that a vehicle has beenunlawfully parked on the pavement, and upon closer examination, findsthat the vehicle is not locked. By means of the information servicesystem portal B, he polls the INPOL data bank 36 c the registrationdetails of the vehicle (cf. FIG. 4), but no messages are provided. Thefilter engine (not shown) supplies him with the message that the vehicleowner is being sought in the EUROPOL data bank 36 d. However, there isno entry in the INPOL data bank 36 c. Zabel records the location of thevehicle and passes the information back to the office DS. By radiotransmission, he contacts the team leader who has in portal B theestablished information and also the EUROPOL information. The teamleader makes all the necessary arrangements and Sicher and Zabel areinstructed to park their vehicle in the vicinity and await furtherinstructions.

At the end of the day, the service manager DL receives an evaluation ofall incidents of the day in question by means of the local device 42. Onthe basis of this information, he decides about the necessaryadaptations of the duty roster for the following day. Duty rosteradaptations are secured, and the police officers are then automaticallyinformed of the changes.

(d) Back in the office DS, Sicher and Zabel make the necessary reportsusing the local office communication system 44. They make use of theentries recorded during the day. Most of the work has already beencompleted, as these are usually standard procedures. The cases encodedin situ are already available in printed-out form in their filingcompartments.

Four applications of the information service system were describedabove. Each application case reveals a special function only availableto a limited extent or not available in the police service at present:

(a) Direct information on a data evaluation;

(b) Direct information on personal interests/requests;

(c) Intelligent integration of different systems and integration ofinformation for further processing; and,

(d) Further use of mobile-acquired data for efficient processing ofstandard procedures.

FIG. 4 shows the information flows between a user, namely Sicher andcomponents of an information service system corresponding to thepreviously described application case. The reference numerals have thefollowing significance:

-   -   101: Authentication    -   102 a: Personalization    -   102 b: Portal display    -   103: Registration plate search enquiry    -   104 a: INPOL search engine    -   104 b: EUROPOL search engine    -   105 a: INPOL answer    -   105 b: EUROPOL answer    -   106: Message back to Zabel    -   107: Determination of facts    -   108 a: Securing data/metadata    -   108 b: Standard report generation    -   109: Standard report and data to team leader    -   110 a: Radio contact between Zabel and team leader    -   110 b: Team leader instructions to Sicher and Zabel    -   111 a: Daily evaluation subscription engine    -   111 b: Daily evaluation production    -   111 c: Daily evaluation to team leader    -   112 a: Further use planning    -   112 b: Securing use planning

The features of the invention disclosed in the description, drawings andclaims can be essential to the implementation of the differentembodiments of the invention, either individually or in combination.

1. An information service system which controls access to multiple types of applications, comprising: information systems which support multiple types of integrated law enforcement applications, including personal applications, law enforcement competency applications, and law enforcement administrative applications; a portal for standardized law enforcement access to the information systems; wherein the portal comprises a content display which is a function of time, date, and a portal user, and wherein the portal comprises an application server operable to subdivide access to the information systems and applications into multiple security zones in which user identification is a function of the security zones and in which the multiple security zones comprise: an Internet security zone which implements guest access to the information systems without implementing an identification procedure; an Extranet security zone which implements trusted access to the information systems and through which access is granted to a first type of application and access is refused to a second type of application in the multiple types of applications and that implements a username and password identification procedure; and an Intranet security zone which provides law enforcement terminal access to both the first and second types of applications and that implements a username and biometric identification procedure for authorizing law enforcement access to the multiple types of the integrated law enforcement applications; and wherein portal provides integrated access to the multiple types of integrated law enforcement applications according to the security zones; and wherein the law enforcement competency applications are operable to deliver an interactive learning program training offer to the portal user and operable to reserve a training place for the portal user.
 2. An information service system according to claim 1, characterized in that the information systems Incorporate at least one data bank.
 3. An information service system according to claim 1, characterized in that the information systems incorporate at least one local media data bank.
 4. An information service system according to claim 1, where the competency application is operable to reserve the training place in response to an application from the portal user.
 5. An information service system according to claim 1, further comprising a firewall between the portal and the information systems.
 6. An information service system according to claim 1, where the portal further comprises an authentication device for authenticating the portal user.
 7. An information service system according to claim 1, where the personal application comprises a personal search agent.
 8. An information service system according to claim 1, where the law enforcement administrative application comprises an administrative reporting application.
 9. An information service system according to claim 1, further comprising a subscription engine through which the portal user subscribes to an information list.
 10. A method for controlling access to multiple types of applications, the method comprising: establishing information systems which support the multiple types of integrated law enforcement applications, including personal applications, law enforcement competency applications, and law enforcement administrative applications; establishing a portal to the information systems for standardized law enforcement access, including an application server; providing, with the portal, a content display which is a function of time, date, and a portal user; with the application server, subdividing access to the information systems and applications into multiple security zones in which user identification is a function of the security zones and in which the multiple security zones comprise: an Internet security zone which implements guest access to the information systems and applications without implementing an identification procedure; an Extranet security zone which implements trusted access to the information systems and applications, and through which access is granted to a first type of application and refused to a second type of application in the multiple types of applications and that implements a username and password identification procedure; and an Intranet security zone which allows law enforcement terminal access to both the first and second types of applications and that implements a username and biometric identification procedure for authorizing law enforcement access to the multiple types of integrated law enforcement application; providing integrated access to the multiple types of integrated law enforcement applications through the portal according to the security zones; delivering a training offer for an interactive learning program from the law enforcement competency application to the portal user; and reserving a training place for the portal user.
 11. The method of claim 10, where establishing the information systems comprises establishing a media data bank.
 12. The method of claim 10, where establishing the information systems comprises establishing a local office communication system.
 13. The method of claim 10, where reserving comprises: reserving a training place for the portal user in response to an application from the portal user.
 14. The method of claim 10, further comprising: establishing a firewall between the portal and the information systems.
 15. The method of claim 10, further comprising: establishing an authentication device for authenticating the portal user.
 16. The method of claim 10, where the personal application comprises a personal search agent.
 17. The method of claim 10, where the law enforcement administrative application comprises an administrative reporting application.
 18. An information service system according to claim 1, where the portal comprises value-added service systems.
 19. An information service system according to claim 18, where the portal further comprises a request broker operable to allocate a user enquiry between the value-added service systems.
 20. An information service system according to claim 1, where the portal further comprises an output engine operable to deliver information objects through different access channels in different formats.
 21. An information service system according to claim 1, where the portal is operable to provide geographically regionalized information to the portal user. 